10425399

Template-Based Distributed Certificate Issuance in a Multi-Tenant Environment

Published: September 24, 2019
Assignee: not available in USPTO data we have

Patent Claims
20 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A method, comprising: encrypting information including one or more attributes of one or more entities requesting operational transaction certificates for validating transactions in a distributed database, generating a template transaction certificate for the one or more entities based on the encrypted information of one or more attributes and a key certificate that is jointly owned through the use of digital threshold signatures, the encrypted information included in the template transaction certificate to verify proof of ownership of the one or more attributes, generating operational transaction certificates by the one or more entities based on the template transaction certificate, and issuing one or more tokens for validating corresponding ones of the transactions recorded in the distributed database, each of the one or more tokens including one of the operational transaction certificates including the encrypted information verifying the proof of ownership of the one or more attributes.

Plain English Translation

This invention relates to secure transaction validation in distributed databases, addressing challenges in verifying entity attributes and ownership for transaction certificates. The method involves encrypting attribute data of entities requesting transaction certificates, which are used to validate transactions in a distributed ledger. A template transaction certificate is generated using the encrypted attributes and a key certificate jointly owned via digital threshold signatures, ensuring collaborative control over the certificate's validity. Entities then create operational transaction certificates from the template, embedding the encrypted attributes to prove ownership. Tokens are issued for transaction validation, each containing an operational certificate with the encrypted proof of ownership. The system enhances security by decentralizing key control and ensuring attribute authenticity without exposing raw data, mitigating risks of fraud or unauthorized access in distributed ledger systems. The approach combines encryption, threshold signatures, and tokenization to streamline verification while maintaining privacy and integrity.

Claim 2

Original Legal Text

2. The method of claim 1, further comprising: performing a refresh operation to obtain the one or more attributes; and retrieving the one or more attributes associated with one or more users responsive to the refresh operation being performed.

Plain English Translation

A system and method for managing user attributes in a computing environment involves dynamically retrieving and updating user-specific data to ensure accurate and current information is available for processing. The method addresses the challenge of maintaining up-to-date user attributes in applications where user data may change frequently, such as in authentication, authorization, or personalized service delivery systems. The system performs a refresh operation to fetch the latest attributes associated with one or more users from a data source, such as a database or directory service. Upon triggering the refresh operation, the system retrieves the updated attributes, ensuring that subsequent operations or decisions rely on the most recent user data. This process may be automated or manually initiated, depending on the system's requirements. The method ensures that applications using these attributes operate with current information, improving accuracy and reducing errors in user-related operations. The system may also include mechanisms to handle attribute retrieval failures or delays, ensuring robustness in dynamic environments. This approach is particularly useful in scenarios where user attributes influence access control, personalization, or other critical functions.

Claim 3

Original Legal Text

3. The method of claim 1, wherein the one or more attributes are retrieved from an attribute certificate authority.

Plain English Translation

A system retrieves and validates digital certificates to authenticate users or devices in a secure network environment. The system addresses challenges in verifying digital certificates by ensuring they are issued by a trusted certificate authority (CA) and have not been revoked. The method involves obtaining a digital certificate associated with a user or device, extracting one or more attributes from the certificate, and validating these attributes against a trusted source. The attributes may include identity information, access permissions, or other security-related data. In some cases, the attributes are retrieved from an attribute certificate authority (ACA), which provides additional verification beyond the standard certificate authority. The ACA may issue attribute certificates that supplement or modify the attributes in the original digital certificate, ensuring more granular control over access and permissions. The system checks the validity of these attributes by verifying the ACA's digital signature and confirming that the attribute certificate has not been revoked. This approach enhances security by ensuring that only authorized users or devices with valid attributes can access network resources. The method may also include logging validation results for auditing purposes.

Claim 4

Original Legal Text

4. The method of claim 3, further comprising responsive to retrieving the one or more attributes, returning an attribute certificate comprising an enrollment public key from an enrollment certificate acquired via the attribute certificate authority.

Plain English Translation

A system and method for managing digital certificates in a public key infrastructure (PKI) environment addresses the challenge of securely distributing and verifying attribute certificates. Attribute certificates are used to associate additional attributes with a public key, such as permissions or roles, but ensuring their authenticity and integrity is critical. The method involves retrieving one or more attributes associated with a public key from an attribute certificate authority (ACA). Upon retrieving these attributes, the system generates and returns an attribute certificate that includes an enrollment public key. This enrollment public key is derived from an enrollment certificate, which is initially obtained from the ACA. The enrollment certificate serves as a trusted anchor for verifying the authenticity of the attribute certificate. The method ensures that the attribute certificate can be cryptographically verified, preventing unauthorized modifications and ensuring that the attributes are reliably associated with the correct public key. This approach enhances security in PKI systems by providing a verifiable chain of trust for attribute certificates, which is essential for applications requiring fine-grained access control or identity verification.

Claim 5

Original Legal Text

5. The method of claim 1, wherein at least one of the template transaction certificate or the operational transaction certificates correspond to different levels of an audit tree, the audit tree to be used by entities with different jurisdictions or levels of privacy to decrypt and recover the attributes.

Plain English Translation

This invention relates to a system for managing and auditing transaction certificates in a hierarchical structure, particularly for use in environments with varying jurisdictional or privacy requirements. The method involves generating a template transaction certificate and one or more operational transaction certificates, where these certificates correspond to different levels of an audit tree. The audit tree structure allows entities with different jurisdictions or privacy levels to decrypt and recover specific attributes from the certificates. This hierarchical approach ensures that only authorized entities can access certain data, depending on their position in the audit tree. The system enables selective decryption and recovery of attributes based on the entity's jurisdiction or privacy level, enhancing security and compliance in transaction auditing. The method ensures that sensitive information remains protected while allowing necessary access for auditing purposes. The hierarchical structure of the audit tree allows for flexible and scalable access control, accommodating different regulatory or privacy requirements across multiple entities. This approach is particularly useful in financial, legal, or regulatory contexts where varying levels of access are required for different stakeholders.

Claim 6

Original Legal Text

6. The method of claim 1, further comprising: verifying a template transaction certificate signature of the template transaction certificate; and generating one or more keys to access template transaction certificate attribute information associated with the one or more attributes.

Plain English Translation

This invention relates to secure digital transaction systems, specifically methods for verifying and accessing template transaction certificates. The problem addressed is ensuring the integrity and authenticity of digital transactions by validating certificate signatures and securely accessing associated attribute information. The method involves verifying a template transaction certificate signature to confirm its validity and authenticity. Once verified, the method generates one or more cryptographic keys to access attribute information linked to the certificate. These attributes may include transaction details, user identities, or other relevant data. The verification step ensures that the certificate has not been tampered with, while the key generation step enables controlled access to sensitive information. This approach enhances security by combining signature validation with secure attribute access, reducing the risk of unauthorized modifications or data breaches. The method is particularly useful in financial transactions, digital identity verification, and other applications requiring high-security standards. By integrating signature verification and key-based access, the invention provides a robust framework for secure digital transactions.

Claim 7

Original Legal Text

7. The method of claim 6, further comprising: concatenating a timestamp, a random value and a counter with the template transaction certificate; and signing the template transaction certificate using a private key.

Plain English Translation

A system and method for secure transaction processing involves generating and managing transaction certificates to ensure authenticity and integrity. The method addresses the challenge of verifying the legitimacy of transactions in digital systems, particularly where tampering or forgery is a risk. A template transaction certificate is created, which includes predefined transaction parameters and metadata. To enhance security, a timestamp, a random value, and a counter are concatenated with the template transaction certificate. This concatenated data is then signed using a private key, producing a digitally signed certificate. The timestamp ensures non-repudiation by recording when the transaction was authorized, the random value adds unpredictability to prevent replay attacks, and the counter provides a unique identifier for each transaction. The private key signature ensures that only authorized entities can generate valid certificates, preventing unauthorized modifications. This approach is particularly useful in financial transactions, supply chain tracking, and other applications requiring high security and verifiability. The method ensures that each transaction is uniquely identifiable, time-stamped, and cryptographically secured, mitigating risks of fraud and unauthorized access.
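The concatenate-then-sign step of claim 7, as an added Go example that is not taken from the patent or from any implementation of it. Ed25519, the length-prefixed field layout, the 16-byte random value and the verifier's policy (timestamp window, strictly increasing counter) are assumptions made for illustration; the claim itself only names the three concatenated values and a private-key signature.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// SignedTemplate is a hypothetical wire form (not from the patent): the
// template certificate bytes, the three values concatenated with it, and a
// signature over the concatenation.
type SignedTemplate struct {
	Template  []byte
	Timestamp int64 // Unix seconds
	Nonce     [16]byte
	Counter   uint64
	Sig       []byte
}

var (
	ErrBadSig = errors.New("signature does not verify")
	ErrStale  = errors.New("timestamp outside accepted window")
	ErrReplay = errors.New("counter not greater than last accepted")
)

// NewKeyPair generates an Ed25519 key pair (scheme chosen for this example).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// signingInput builds template || timestamp || random value || counter.
// The template is length-prefixed and the other fields are fixed-width, so
// bytes cannot shift from one field into another without changing the input.
func signingInput(s *SignedTemplate) []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, uint32(len(s.Template)))
	buf.Write(s.Template)
	binary.Write(&buf, binary.BigEndian, s.Timestamp)
	buf.Write(s.Nonce[:])
	binary.Write(&buf, binary.BigEndian, s.Counter)
	return buf.Bytes()
}

// Sign draws a fresh random value and signs the concatenation.
func Sign(priv ed25519.PrivateKey, template []byte, now time.Time, counter uint64) (*SignedTemplate, error) {
	s := &SignedTemplate{Template: template, Timestamp: now.Unix(), Counter: counter}
	if _, err := rand.Read(s.Nonce[:]); err != nil {
		return nil, err
	}
	s.Sig = ed25519.Sign(priv, signingInput(s))
	return s, nil
}

// Verifier holds the assumed acceptance policy: valid signature, timestamp
// within MaxAge of the verifier's clock, counter strictly increasing.
type Verifier struct {
	Pub         ed25519.PublicKey
	MaxAge      time.Duration
	lastCounter uint64
	seen        bool
}

// Verify checks the signature first so state changes only on authentic input.
func (v *Verifier) Verify(s *SignedTemplate, now time.Time) error {
	if !ed25519.Verify(v.Pub, signingInput(s), s.Sig) {
		return ErrBadSig
	}
	age := now.Sub(time.Unix(s.Timestamp, 0))
	if age < 0 {
		age = -age
	}
	if age > v.MaxAge {
		return ErrStale
	}
	if v.seen && s.Counter <= v.lastCounter {
		return ErrReplay
	}
	v.lastCounter, v.seen = s.Counter, true
	return nil
}

func main() {
	pub, priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	now := time.Unix(1700000000, 0) // constructed clock value
	v := &Verifier{Pub: pub, MaxAge: 5 * time.Minute}
	s, _ := Sign(priv, []byte("constructed-template-tcert"), now, 1)
	fmt.Println("first presentation:", v.Verify(s, now))
	fmt.Println("same bytes again:  ", v.Verify(s, now))
	s.Counter = 2 // field changed after signing
	fmt.Println("counter edited:    ", v.Verify(s, now))
}
```

Because the timestamp, random value and counter are inside the signed bytes, changing any of them after signing fails verification, which is what lets a verifier rely on them for freshness checks.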

Claim 8

Original Legal Text

8. An apparatus, comprising: a processor configured to encrypt information including one or more attributes of one or more entities requesting operational transaction certificates for validating transactions in a distributed database, generate a template transaction certificate for the one or more entities based on the encrypted information of one or more attributes and a key certificate that is jointly owned through the use of digital threshold signatures, the encrypted information included in the template transaction certificate to verify proof of ownership of the one or more attributes, generate operational transaction certificates by the one or more entities based on the template transaction certificate, and issue one or more tokens for validating corresponding ones of the transactions recorded in the distributed database, each of the one or more tokens including one of the operational transaction certificates including the encrypted information verifying the proof of ownership of the one or more attributes.

Plain English Translation

This invention relates to secure transaction validation in distributed databases, addressing challenges in verifying entity attributes and ensuring ownership proof for transaction certificates. The apparatus includes a processor that encrypts information containing attributes of entities requesting operational transaction certificates, which are used to validate transactions in a distributed database. The processor generates a template transaction certificate based on the encrypted attribute information and a key certificate jointly owned through digital threshold signatures. The encrypted information within the template certificate serves as proof of ownership for the attributes. Entities then generate operational transaction certificates from the template, and the processor issues tokens for validating transactions recorded in the database. Each token contains an operational transaction certificate with the encrypted proof of ownership, ensuring secure and verifiable transaction validation. The use of digital threshold signatures for joint key ownership enhances security and trust in the validation process. This system improves the integrity and reliability of transaction validation in distributed databases by ensuring that only authorized entities with verified attributes can generate and use transaction certificates.

Claim 9

Original Legal Text

9. The apparatus of claim 8, wherein the processor is further configured to perform a refresh operation to obtain the one or more attributes, and retrieve the one or more attributes associated with one or more users responsive to the refresh operation being performed.

Plain English Translation

This invention relates to a system for managing and retrieving user attributes in a computing environment. The system addresses the challenge of maintaining up-to-date user data in applications that require real-time or near-real-time access to user attributes, such as authentication systems, personalized services, or access control mechanisms. The apparatus includes a processor configured to perform a refresh operation to obtain one or more attributes associated with one or more users. The refresh operation ensures that the system retrieves the latest user attributes, which may include identifiers, permissions, preferences, or other relevant data. The processor is also configured to retrieve these attributes in response to the refresh operation, ensuring that the system always has the most current information available. This functionality is particularly useful in dynamic environments where user attributes may change frequently, such as in cloud-based services, multi-tenant systems, or applications with role-based access control. The system may also include a memory for storing the retrieved attributes and a communication interface for interacting with external data sources or services that provide the user attributes. The refresh operation can be triggered manually, automatically based on predefined conditions, or in response to specific events, such as user login, attribute updates, or scheduled intervals. By continuously refreshing and retrieving user attributes, the system ensures data consistency and accuracy, improving the reliability of applications that depend on this information.

Claim 10

Original Legal Text

10. The apparatus of claim 8, wherein the one or more attributes are retrieved from an attribute certificate authority.

Plain English Translation

The invention relates to a system for managing and retrieving digital attributes, particularly in secure environments where attribute verification is critical. The problem addressed is the need for a reliable and scalable method to obtain and validate digital attributes, such as permissions, certifications, or identity-related data, from a trusted source. The apparatus includes a component that retrieves one or more attributes from an attribute certificate authority, which is a specialized entity responsible for issuing and managing attribute certificates. These certificates contain verified information about an entity, such as a user or device, and are used to enforce access control, authentication, or authorization policies. The apparatus ensures that the attributes are obtained securely and can be trusted for subsequent operations, such as granting access to resources or validating identities. The system may also include mechanisms to verify the authenticity and integrity of the retrieved attributes, ensuring they have not been tampered with or issued by an unauthorized source. This approach enhances security in environments where attribute-based access control is implemented, such as cloud computing, enterprise networks, or identity management systems. The apparatus may be integrated into larger authentication or authorization frameworks to provide a seamless and secure attribute retrieval process.

Claim 11

Original Legal Text

11. The apparatus of claim 10, wherein the processor is further configured to responsive to the one or more attributes being retrieved, return an attribute certificate comprising an enrollment public key from an enrollment certificate acquired via the attribute certificate authority.

Plain English Translation

This invention relates to secure digital identity management, specifically a system for retrieving and validating attribute certificates in a public key infrastructure (PKI) environment. The problem addressed is the need for a secure and efficient way to manage and verify digital attributes associated with public keys, ensuring trust in digital identities. The apparatus includes a processor configured to receive a request for one or more attributes associated with a digital identity. The processor retrieves the requested attributes from a storage system and generates an attribute certificate containing an enrollment public key. This enrollment public key is derived from an enrollment certificate obtained through an attribute certificate authority (ACA). The ACA acts as a trusted third party that issues and manages attribute certificates, binding specific attributes to a public key. The system ensures that the attributes are securely associated with the correct identity, preventing unauthorized modifications or fraudulent claims. The processor may also validate the retrieved attributes against the enrollment certificate to confirm their authenticity and integrity. This validation process involves verifying digital signatures and checking the certificate's validity period. The apparatus supports dynamic attribute retrieval, allowing for real-time updates and revocation checks. The overall system enhances security in digital transactions, access control, and identity verification by providing a trusted framework for managing and validating digital attributes.

Claim 12

Original Legal Text

12. The apparatus of claim 8, wherein at least one of the template transaction certificate or the operational transaction certificates correspond to different levels of an audit tree, the audit tree to be used by entities with different jurisdictions or levels of privacy to decrypt and recover the attributes.

Plain English Translation

This invention relates to a secure transaction system using cryptographic techniques to manage and audit transactions across different jurisdictions or privacy levels. The system employs an audit tree structure where transaction certificates are organized hierarchically, allowing entities with varying access rights to decrypt and recover transaction attributes based on their jurisdiction or privacy level. The apparatus includes a template transaction certificate and operational transaction certificates, where at least one of these certificates corresponds to different levels within the audit tree. This hierarchical structure enables selective decryption and recovery of transaction attributes, ensuring that only authorized entities can access specific data based on their assigned level. The system enhances privacy and compliance by restricting access to transaction details according to predefined rules, making it suitable for applications requiring multi-jurisdictional or multi-tiered privacy controls. The audit tree allows for efficient verification and auditing of transactions while maintaining confidentiality for unauthorized parties. This approach improves security and regulatory compliance in environments where transactions must be auditable yet protected from unauthorized access.

Claim 13

Original Legal Text

13. The apparatus of claim 8, wherein the processor is further configured to verify a template transaction certificate signature of the template transaction certificate, and generate one or more keys to access template transaction certificate attribute information associated with the one or more attributes.

Plain English Translation

This invention relates to secure transaction processing systems, specifically addressing the need for verifying the authenticity and integrity of template transaction certificates used in digital transactions. The system includes a processor configured to verify the digital signature of a template transaction certificate, ensuring that the certificate has not been tampered with and originates from a trusted source. After verification, the processor generates one or more cryptographic keys to access attribute information stored within the certificate. These attributes may include transaction details, user credentials, or other sensitive data required for processing the transaction. The system ensures that only authorized entities can access and modify the certificate's attributes, enhancing security in digital transactions. The processor may also validate the certificate against predefined rules or policies before allowing access to the attribute information. This approach prevents unauthorized modifications and ensures the integrity of transaction data throughout the processing workflow. The invention is particularly useful in financial transactions, identity verification, and other applications where secure access to transaction data is critical.

Claim 14

Original Legal Text

14. The apparatus of claim 13, wherein the processor is further configured to concatenate a timestamp, a random value and a counter with the template transaction certificate, and sign the template transaction certificate using a private key.

Plain English Translation

This invention relates to secure transaction processing systems, specifically methods for enhancing the integrity and authenticity of transaction certificates. The problem addressed is ensuring that transaction certificates cannot be tampered with or reused, which is critical in financial, legal, or other high-security applications. The apparatus includes a processor configured to generate a template transaction certificate, which serves as a standardized format for transaction data. To prevent fraudulent reuse or alteration, the processor concatenates additional security elements with the template certificate. These elements include a timestamp to establish when the certificate was created, a random value to ensure uniqueness, and a counter to track sequential issuance. The combined data is then cryptographically signed using a private key, creating a digitally signed certificate that can be verified using the corresponding public key. This ensures that any modification to the certificate would invalidate the signature, while the timestamp, random value, and counter prevent replay attacks. The invention improves upon prior systems by combining multiple security measures into a single, verifiable certificate structure. The timestamp ensures non-repudiation, the random value prevents duplication, and the counter detects missing or out-of-order transactions. The private key signature provides end-to-end integrity. This approach is particularly useful in distributed systems where transaction certificates must be securely transmitted and validated across multiple parties.

Claim 15

Original Legal Text

15. A non-transitory computer readable storage medium configured to store instructions that when executed cause a processor to perform: encrypting information including one or more attributes of one or more entities requesting operational transaction certificates for validating transactions in a distributed database, generating a template transaction certificate for the one or more entities based on the encrypted information of one or more attributes and a key certificate that is jointly owned through the use of digital threshold signatures, the encrypted information included in the template transaction certificate to verify proof of ownership of the one or more attributes, generating operational transaction certificates by the one or more entities based on the template transaction certificate, and issuing one or more tokens for validating corresponding ones of the transactions recorded in the distributed database, each of the one or more tokens including one of the operational transaction certificates including the encrypted information verifying the proof of ownership of the one or more attributes.

Plain English Translation

This invention relates to secure transaction validation in distributed databases using encrypted attribute-based certificates and threshold signatures. The system addresses the challenge of verifying entity ownership and transaction validity in decentralized environments where trust must be established without centralized authority. The process begins by encrypting attributes of entities requesting transaction certificates, ensuring sensitive data remains protected. A template transaction certificate is then generated using this encrypted information and a key certificate jointly owned through digital threshold signatures, which require multiple parties to authorize access. The encrypted attributes within the template serve as proof of ownership for the entities. Each entity then creates operational transaction certificates based on the template, which are used to validate transactions. Tokens are issued for each transaction, containing the operational certificates and encrypted attributes to verify ownership and transaction legitimacy. This approach enhances security by distributing trust among multiple parties while maintaining verifiable proof of attribute ownership. The system is particularly useful in blockchain or other distributed ledger technologies where secure, decentralized validation is required.

Claim 16

Original Legal Text

16. The non-transitory computer readable storage medium of claim 15, wherein the processor is further configured to perform: performing a refresh operation to obtain the one or more attributes; and retrieving the one or more attributes associated with one or more users responsive to the refresh operation being performed.

Plain English Translation

This invention relates to a computer-implemented system for managing and retrieving user attributes in a data processing environment. The system addresses the challenge of maintaining up-to-date user attribute data, which is critical for applications requiring real-time or near-real-time access to user information, such as authentication, authorization, or personalized services. The system includes a non-transitory computer-readable storage medium storing instructions that, when executed by a processor, cause the processor to perform operations. These operations include performing a refresh operation to obtain one or more attributes associated with one or more users. The refresh operation ensures that the system retrieves the latest attribute data, which may include user preferences, permissions, or other relevant information. The system then retrieves the updated attributes in response to the refresh operation, ensuring that subsequent processes or applications have access to the most current user data. The system may also include additional functionality, such as storing the retrieved attributes in a data structure for efficient access, validating the attributes before use, or triggering the refresh operation based on predefined conditions, such as time intervals or external events. This ensures that the system maintains data accuracy and reliability, which is essential for applications that depend on timely and accurate user information. The invention improves the efficiency and reliability of user attribute management in data processing systems.

Claim 17

Original Legal Text

17. The non-transitory computer readable storage medium of claim 15, wherein the one or more attributes are retrieved from an attribute certificate authority.

Plain English Translation

A system retrieves one or more attributes from an attribute certificate authority to enhance authentication and authorization processes in a networked environment. The attribute certificate authority issues and manages attribute certificates, which contain additional user or device attributes beyond standard identity credentials. These attributes may include roles, permissions, security clearances, or other contextual information required for access control decisions. The system uses these attributes to dynamically adjust access rights, enforce policies, and ensure compliance with security requirements. By centralizing attribute management through a dedicated authority, the system improves scalability, reduces administrative overhead, and enhances security by ensuring attributes are consistently validated and up-to-date. This approach is particularly useful in environments where fine-grained access control is necessary, such as enterprise networks, cloud services, or multi-tenant systems. The system may integrate with existing authentication frameworks, such as OAuth or SAML, to provide seamless attribute-based access control. The attribute certificate authority may also support revocation and renewal mechanisms to maintain attribute integrity over time. This method ensures that access decisions are based on the most current and authoritative attribute data, reducing the risk of unauthorized access or policy violations.

Claim 18

Original Legal Text

18. The non-transitory computer readable storage medium of claim 17, wherein the processor is further configured to perform responsive to retrieving the one or more attributes, returning an attribute certificate comprising an enrollment public key from an enrollment certificate acquired via the attribute certificate authority.

Plain English Translation

This invention relates to digital certificate management, specifically systems for securely handling attribute certificates in a public key infrastructure (PKI). The problem addressed is the need for a reliable method to retrieve and validate attribute certificates, which are used to associate additional attributes with a public key certificate. The system involves a non-transitory computer-readable storage medium storing instructions that, when executed by a processor, enable the retrieval of one or more attributes associated with a certificate. Upon retrieving these attributes, the processor generates an attribute certificate containing an enrollment public key. This enrollment public key is derived from an enrollment certificate obtained through an attribute certificate authority (ACA). The ACA acts as a trusted entity that issues and manages attribute certificates, ensuring the integrity and authenticity of the attributes associated with a given public key. The solution enhances security by leveraging the ACA to validate and issue attribute certificates, reducing the risk of unauthorized modifications or fraudulent attribute assignments. This approach is particularly useful in environments where fine-grained access control or attribute-based authentication is required, such as enterprise networks or cloud-based services. The system ensures that attribute certificates are properly linked to their corresponding enrollment certificates, maintaining a secure and verifiable chain of trust.

Claim 19

Original Legal Text

19. The non-transitory computer readable storage medium of claim 15, wherein at least one of the template transaction certificate or the operational transaction certificates correspond to different levels of an audit tree, the audit tree to be used by entities with different jurisdictions or levels of privacy to decrypt and recover the attributes.

Plain English Translation

This invention relates to a system for managing and auditing transaction certificates in a secure and hierarchical manner, particularly in environments where different entities require varying levels of access based on jurisdiction or privacy constraints. The system involves generating template transaction certificates and operational transaction certificates, which are stored on a non-transitory computer-readable storage medium. These certificates are structured to correspond to different levels of an audit tree, enabling entities with different jurisdictions or privacy requirements to decrypt and recover specific attributes as needed. The audit tree allows for selective disclosure of information, ensuring that only authorized entities can access certain data while maintaining the integrity and confidentiality of the transaction records. This approach is particularly useful in scenarios where compliance with multiple regulatory frameworks or privacy policies is required, such as in financial transactions, healthcare records, or supply chain management. The system ensures that sensitive information is protected while still allowing for necessary audits and verifications by authorized parties. The hierarchical structure of the audit tree enables efficient and secure access control, reducing the risk of unauthorized data exposure.

Claim 20

Original Legal Text

20. The non-transitory computer readable storage medium of claim 15, wherein the processor is further configured to perform: verifying a template transaction certificate signature of the template transaction certificate; generating one or more keys to access template transaction certificate attribute information associated with the one or more attributes; concatenating a timestamp, a random value and a counter with the template transaction certificate; and signing the template transaction certificate using a private key.

Plain English Translation

This invention relates to secure digital transaction processing, specifically a method for verifying and signing template transaction certificates to ensure data integrity and authenticity. The system involves a processor that verifies the digital signature of a template transaction certificate, which contains predefined transaction attributes. The processor generates cryptographic keys to access and validate the certificate's attribute information. A timestamp, random value, and counter are concatenated with the certificate to create a unique identifier for the transaction. The processor then signs the modified certificate using a private key, ensuring that the transaction data cannot be altered without detection. This process enhances security by preventing unauthorized modifications and ensuring that only valid, authenticated transactions are processed. The invention is particularly useful in financial transactions, digital contracts, or any system requiring secure, verifiable digital certificates. The use of cryptographic keys and digital signatures ensures that the transaction data remains tamper-proof and traceable, addressing concerns around fraud and data integrity in digital transactions.
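The four steps of claim 20, as an added Go example that is not code from the patent or from this page. The claim names no algorithms or encodings, so Ed25519 signatures, the HMAC-SHA256 key derivation, the fixed 32-byte tail layout and the names `Template`, `AttrKey`, `Issue` and `TailLen` are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Template is a constructed stand-in: opaque body plus the issuer's signature.
type Template struct{ Body, Sig []byte }

// TailLen is the assumed fixed layout: timestamp(8) | random(16) | counter(8).
const TailLen = 8 + 16 + 8

// AttrKey derives a per-attribute access key (assumed HMAC-SHA256 derivation).
func AttrKey(secret []byte, attr string) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(attr))
	return m.Sum(nil)
}

// Issue verifies the template signature first, then appends the fixed-width
// tail to the template body and signs the result with the entity's key.
func Issue(t Template, issuer ed25519.PublicKey, priv ed25519.PrivateKey,
	ts time.Time, counter uint64) (msg, sig []byte, err error) {
	if !ed25519.Verify(issuer, t.Body, t.Sig) {
		return nil, nil, errors.New("template signature invalid")
	}
	tail := make([]byte, TailLen)
	binary.BigEndian.PutUint64(tail[0:8], uint64(ts.Unix()))
	if _, err = rand.Read(tail[8:24]); err != nil {
		return nil, nil, err
	}
	binary.BigEndian.PutUint64(tail[24:], counter)
	msg = append(append([]byte{}, t.Body...), tail...)
	return msg, ed25519.Sign(priv, msg), nil
}

func main() {
	ipub, ipriv, _ := ed25519.GenerateKey(rand.Reader)
	_, epriv, _ := ed25519.GenerateKey(rand.Reader)
	body := []byte("constructed template body")
	msg, _, err := Issue(Template{body, ed25519.Sign(ipriv, body)}, ipub, epriv, time.Now(), 1)
	fmt.Println(len(msg), err)
}
```

Because the tail is fixed-width, a verifier can split the signed message into template body and tail without ambiguity, and the fresh random value makes two issuances from the same template distinct even with an identical timestamp.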

Patent Metadata

Filing Date

Unknown

Publication Date

September 24, 2019

Inventors

David W. Kravitz
Dulce B. Ponceleon
Diego A. Masini
John B. Geagan III
Brian K. Smith

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “TEMPLATE-BASED DISTRIBUTED CERTIFICATE ISSUANCE IN A MULTI-TENANT ENVIRONMENT” (10425399). https://patentable.app/patents/10425399

© 2026 Nomic Interactive Technology LLC. Machine-readable context available at /api/llm-context/10425399. See llms.txt for full attribution policy.